Once more — a breach!

Have your personal details been compromised in what has been called SA’s biggest ever data leak?

Financial Mail - DATA SECURITY - Kate Ferreira

Last week, SA social media circles and news outlets sounded the klaxon on a major data breach that contained the personal identity details of a large portion of the country’s residents. Here’s what you need to know:

What happened?

Earlier this year, someone (reportedly Twitter user @s7nsins) found a large file containing personal information on an open web server.

“It had been published there, and then the server was configured to allow directory browsing . . . anyone with a web browser could go to that address and see all the files hosted on the site,” writes information security expert Troy Hunt.

The Twitter user shared this file with Hunt who, for various reasons, didn’t deal with the matter for half a year. When he started digging into it last week, he quickly realised what he had in his possession, and called on his SA Twitter followers to help him identify the source.

Hunt was contacted by tech content producer Tefo Mohapi, who runs the iAfrikan blog and has written articles about the breach and its possible sources.

The breach has been covered in depth by local media since then.

Who is Troy Hunt?

Hunt runs a service called Have I Been Pwned? (haveibeenpwned.com), which allows people to search by user name or e-mail to see if their accounts have been affected by various data breaches.

What’s in the file?

The restored “Master deeds” MySQL database had more than 66m rows with unique SA official ID numbers, explains Hunt. This included information of people both dead and alive (hence the larger-than-population figure), and identity attributes such as names, e-mails, addresses, ethnicities, genders and more.

According to Hunt, there were “only 2.2m e-mail addresses but tens of millions of identities in the source database”, making the breach “one of the worst [he has] ever seen on many levels”.

Was this a hack?

No. It is important to note that this file was not hacked by an Internet “bogeyman”, but was made available through a huge oversight.

Who is responsible?

At the time of writing his blog posts, Mohapi speculated that the data may have come from a credit bureau or data aggregator. He did some digging and reached out to Dracore Data Sciences to enquire if the company was the source.

Dracore denied this, and Mohapi has captured a back-and-forth conversation with the company on his blog.

This prompted several further news articles querying the source and Dracore’s connection, leading Dracore CEO Chantelle Fraser to write: “We conclusively know that we are not the source of the data leak.”

Since then, real estate company Aida (part of the Jigsaw group) has been identified as the source of the file. It reportedly purchased this database from Dracore in 2014, but told journalists it has no idea why the file was on a public-facing server, and is awaiting a forensic report on the matter.

Are your details safe?

The database is large, and includes info of a wide range of people (even children). What is remarkable is the range and depth of information included. The original source has been taken down, but the file was accessible for at least
